This invention generally relates to computer security, and more particularly to protecting against notification based phishing attacks.
The Internet has significantly and dramatically changed the way people live and communicate. The Internet gives users access to a vast number of resources from locations around the world. In addition, the Internet allows users to perform commercial transactions and share private and sensitive information. A significant concern when browsing the Internet is the vulnerability of the equipment, the data, and the information to attacks from malicious individuals or organizations. Thus, the security of the equipment and information is an important challenge.
One type of fraudulent act over the Internet is known as phishing, which has become one of the fastest growing online threats. In the last few years, there have been significant increases in the number of phishing attacks over the Internet, and thus users are now looking for effective ways of blocking such attacks.
Phishing refers to an attempt to fraudulently retrieve sensitive information, such as bank account information, social security numbers, passwords, and credit card information, by masquerading as a trustworthy person or business with a proper need for such information.
In a phishing attack, an individual receives a message, commonly in the form of an e-mail directing the individual to perform an action, such as opening an e-mail attachment or following (e.g., using a cursor controlled device or touch screen) an embedded link. If such message were from a trusted source (e.g., a co-worker, a known bank or utility company), then such action might carry little risk. In a phishing attack, such message is from an attacker (e.g., an individual using a computing device to perform a malicious act on another computer device user) disguised as a trusted source, and an unsuspecting individual, for example, opening an attachment to view a “friend's photograph” might in fact install malicious computer software (i.e., spyware, a virus, and/or other malware) on his or her computer. Similarly, an unsuspecting individual directed to a webpage made to look like an authentic login or authentication webpage might be deceived into submitting his or her username, password or other sensitive information to an attacker.
One particular type of phishing attack is notification based phishing. Notifications are short messages sent to computing devices to inform the user that an update is available for an application on the computing device. These short messages are sometimes referred to as pop-up messages or pop-ups. When the user clicks on, or activates, the notification, the application that triggered the notification is opened. For example, a user may receive a notification on a mobile phone from a social website, and when the user clicks on the notification, the application for that website opens on the mobile phone.
Due to the near constant availability and very frequent use of mobile computing devices, notifications are particularly common on mobile computing devices.
In notification based phishing, a malicious application on a computing device will trigger a notification that is a near exact copy of a notification from a legitimate application. When the user clicks on the malicious notification, the malicious application opens up a log-in screen on the computing device that is a near exact copy of a log-in screen from a legitimate website. Because the notification and the screen so closely copy those of a legitimate enterprise, the user is fooled into thinking the screen is legitimate and hence secure.
The user could enter his or her credentials on the fake log-in screen. When the user clicks on the log-in button, the malicious application sends the credentials to the legitimate website along with a request to open the legitimate application on the computing device. The legitimate website then opens its application on the user's computing device. The malicious application now has the user's credentials for this website, and the user is not even aware of this.
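The attack described above depends on a notification that visually invokes a legitimate brand while being posted by a different application. The following is an added illustration, not part of the patent text, of a defensive check a notification-listener component could apply: it normalizes the notification's visible text against lookalike spellings and flags a notification as impersonation when it names a brand whose legitimate package is not the package that posted it. The brand names, package names and sample notifications are constructed placeholders.

```python
import unicodedata
from dataclasses import dataclass

# Constructed mapping of brand names to the package that legitimately owns them.
# Package names are placeholders for this example, not values from the patent.
LEGITIMATE_SENDERS = {
    "socialnet": "com.example.socialnet",
    "examplebank": "com.example.bank",
}

@dataclass
class Notification:
    posting_package: str  # package the platform recorded as having posted it
    title: str
    body: str

def normalize(text: str) -> str:
    """Fold case and strip whitespace, format characters (e.g. zero-width
    spaces) and compatibility forms (e.g. fullwidth letters) so lookalike
    text still matches a brand name. Cyrillic/Greek homoglyphs are not handled."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(c for c in folded
                   if not c.isspace() and unicodedata.category(c) != "Cf")

def brands_mentioned(n: Notification) -> list:
    """Brands whose name appears in the notification's visible text."""
    text = normalize(n.title + " " + n.body)
    return [brand for brand in LEGITIMATE_SENDERS if brand in text]

def classify(n: Notification) -> str:
    """'impersonation' when the notification invokes a brand but was posted by
    a package other than that brand's legitimate application."""
    mentioned = brands_mentioned(n)
    if not mentioned:
        return "unknown"
    if all(LEGITIMATE_SENDERS[b] == n.posting_package for b in mentioned):
        return "legitimate"
    return "impersonation"

# Constructed sample notifications: a genuine one, a lookalike posted by an
# unrelated package (fullwidth 'S' plus a zero-width space), and an unrelated one.
SAMPLES = [
    Notification("com.example.socialnet", "SocialNet", "You have a new friend request"),
    Notification("com.example.notes", "\uff33ocial\u200bNet", "Unusual sign-in, verify your account"),
    Notification("com.example.weather", "Rain expected", "Bring an umbrella"),
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n.posting_package:25} -> {classify(n)}")
```

On a real platform the posting package would come from the system's notification listener rather than from the notification content, since the content itself is attacker-controlled.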
There are computer programs that prevent, guard against, or detect generic application phishing. These programs, however, tend to have important limitations.